According to this Security Advisory, Microsoft provides recommendations for administrators to harden the configurations for LDAP channel binding and LDAP signing on Active Directory domain controllers.
After researching, IWSVA 6.5 SP2 does not support enabling LDAP Channel Binding and LDAP Signing; even though it can pass the connection test via the webUI, the core process will not work.
Therefore, if the LDAP server administrators have modified the Windows registry settings (2020 LDAP channel binding and LDAP signing requirements for Windows ) for enabling these new features, they need to roll them back to the previous ones in order for IWSVA to work properly with LDAP authentication.
In any case, as stated by Microsoft, these settings will not be automatically enforced via Windows updates:
Important: The March 10, 2020 updates, and updates in the foreseeable future, will not change LDAP signing or LDAP channel binding default policies or their registry equivalent on new or existing Active Directory domain controllers.
For more details, contact Technical Support.
